(54) Secure data control apparatus and method

(57) A secret data management apparatus includes 
an image display unit (10) which displays an image on 
a display monitor (4). A position/sequence input unit (12)
inputs positions of input image points on the image using 
an input device (6) and inputs a sequence of the posi- 
tions using the input device. An encryption unit (14) gen- 
erates encrypted data of a secret key based on the po- 
sitions and the sequence from the position/sequence in- 
put unit (12). A secret data storage unit (16) stores the 
encrypted data of the secret key from the encryption unit 
(14) in a storage medium. An access allowance unit (18)
allows access to the secret key stored in the storage 
medium when positions of input image points on the im- 
age and a sequence of the positions, subsequently 
specified using the input device at a time of the access, 
match with the positions and the sequence from the po- 
sition/sequence input unit (12). A decryption unit (20) 
generates plain data of the secret key from the encrypt- 
ed data stored in the storage medium when the access 
is allowed by the access allowance unit (18).

Description

BACKGROUND OF THE INVENTION 

(1) Field of the Invention 

[0001] The present invention relates to a secret data 
management apparatus and method which controls se- 
cret data, such as a secret key which a certificate au- 
thority issues for a user. Further, the present invention 
relates to a computer readable medium storing program 
code instructions which cause a processor to execute a 
secret data management processing in a secret data 
management apparatus. 

(2) Description of the Related Art 

[0002] Generally, in a conventional secret data man- 
agement system, an electronically stored secret key is 
controlled by using a password including a number of 
alphanumeric characters in order to avoid discovery by 
a hacker. It is desired for a user to make use of several 
different passwords when gaining access to various 
electronic communication services. However, it is prac- 
tically difficult for the user to memorize the respective 
passwords for obtaining such services. In many cases, 
the user makes use of a single password when obtaining 
the services. 

[0003] In a conventional system, a password based 
on personal information, such as a birth date or a phone 
number, is often input by the user. The possibility that a 
serious hacker discovers the password based on per- 
sonal data is higher than a mathematically estimated 
possibility of the discovery of the password. 
[0004] Further, when the user of the conventional se- 
cret data management system makes an electronic 
communication through the Internet, the user often in- 
puts a password including alphanumeric characters. 
The user runs the risk of leakage of the password to 
hackers in such a case. 

[0005] As described above, when a password includ- 
ing alphanumeric characters is used for controlling the 
secret key, the possibility of the discovery of the pass- 
word is increased according to the manner in which the 
user makes use of the password. 
[0006] The secret key controlled by the use of the 
password generally indicates a numerical value of several
hundred digits. It is practically impossible for the user
to memorize the numerical value of the secret key. In
many cases, a storage medium, such as an IC card, in 
which the secret data is stored is used. When the secret 
key from the IC card is controlled by using the password 
as in the above conventional system, the possibility of 
the discovery of the password is increased according to 
the manner in which the user makes use of the pass- 
word. If the IC card is stolen by a hacker, the hacker will 
easily discover the password to gain access to the se- 
cret data. 



[0007] When the secret key is controlled by using the 
alphanumeric password in the conventional secret data 
management system, the conventional system fails to 
provide adequate security for the secret information in
the conventional system.

[0008] A conceivable method to increase security for
the secret information in the conventional system is to
use an alphanumeric password including a large
number of digits which is hard to discover. However, it
is difficult for the user to memorize such a password,
and the use of such a password is inconvenient for the 
user. The above-mentioned method also fails to provide 
adequate security for the secret information. 
[0009] As described above, the user often inputs a
password based on personal data pertaining to the user
when gaining access to the secret information. The possibility
that a serious hacker discovers the password
based on the personal data is higher than the mathematically
estimated possibility of the discovery of the
password. The conventional secret data management
system fails to provide adequate security for the secret 
information. 

[0010] Further, when the user of the conventional secret
data management system makes an electronic
communication through the Internet, the user has to input
a password including alphanumeric characters by
operating a keyboard of a personal computer instead of
a mouse. Generally, when obtaining electronic communication
services, the user frequently operates the
mouse. The user must operate the keyboard only when
inputting the password, and therefore, the use of the alphanumeric
password is considerably inconvenient for
the user. 

SUMMARY OF THE INVENTION

[0011] An object of the present invention is to provide
an improved secret data management apparatus and
secret data management method in which the above-mentioned
problems are eliminated.

[0012] Another object of the present invention is to 
provide a secret data management apparatus which uti- 
lizes a simple image password created by positions of 
input image points and a sequence of the positions, arbitrarily
specified by a user on a display monitor using
an input device, and provides adequate security for se- 
cret information stored in a storage device. 
[0013] Still another object of the present invention is 
to provide a secret data management method which utilizes
a simple image password created by positions of
input image points and a sequence of the positions, ar- 
bitrarily specified by a user on a display monitor using 
an input device only, and provides adequate security for 
secret information stored in a storage device. 

[0014] A further object of the present invention is to
provide a computer readable medium storing program
code instructions for causing a processor of a secret data
management apparatus to execute a secret data
management processing which utilizes a simple image
password created by positions of input image points and
a sequence of the positions, arbitrarily specified by a
user on a display monitor using an input device, and provides
adequate security for secret information stored in
a storage device.

[0015] The above-mentioned objects of the present 
invention are achieved by a secret data management 
apparatus for controlling a secret key so that the secret 
key is kept confidential, the secret data management 
apparatus comprising: an image display unit which displays
an image on a display monitor; a position/sequence
input unit which inputs positions of input image
points on the image specified using an input device and 
inputs a sequence of the positions specified using the 
input device; an encryption unit which generates en- 
crypted data of the secret key based on the positions 
and the sequence from the position/sequence input unit; 
a secret data storage unit which stores the encrypted 
data of the secret key from the encryption unit in a stor- 
age medium; an access allowance unit which allows an 
access to the secret key stored in the storage medium 
when positions of input image points on the image and 
a sequence of the positions, subsequently specified using
the input device at a time of the access, match with
the positions and the sequence from the position/se- 
quence input unit; and a decryption unit which generates 
plain data of the secret key from the encrypted data 
stored in the storage medium when the access is al- 
lowed by the access allowance unit. 
[0016] The above-mentioned objects of the present 
invention are achieved by a secret data management 
apparatus for controlling a secret key issued by a certif- 
icate authority so that the secret key is kept confidential, 
the secret data management apparatus comprising: an 
image display unit which displays an image on a display 
monitor; a position/sequence input unit which inputs positions
of input image points on the image specified using
an input device and inputs a sequence of the positions
specified using the input device; an encryption unit
which generates encrypted data of the secret key based 
on the positions and the sequence from the position/se- 
quence input unit; a secret data storage unit which 
stores the encrypted data of the secret key from the en- 
cryption unit in a first storage medium; an access allow- 
ance unit which allows an access to the secret key 
stored in the first storage medium when positions of input
image points on the image and a sequence of the
positions, subsequently specified using the input device
at a time of the access, match with the positions and the 
sequence from the position/sequence input unit; and a 
decryption unit which generates plain data of the secret 
key from the encrypted data stored in the first storage 
medium when the access is allowed by the access al- 
lowance unit. 

[0017] The above-mentioned objects of the present 
invention are achieved by a method of controlling a secret
key issued by a certificate authority so that the secret
key is kept confidential, the method comprising the
steps of: inputting user data and user environment data 
specified by a user; setting an image to be displayed on 
a display monitor; displaying the image on the display 
monitor and inputting positions of input image points on 
the displayed image specified by the user and a se- 
quence of the positions specified by the user; generating 
an encryption key based on the specified positions and 
the specified sequence; generating encrypted data of 
the secret key based on the encryption key; and storing 
the encrypted data of the secret key, the user data and 
the user environment data in a storage medium, wherein 
the encrypted data, the user data, and the user environ- 
ment data are related to each other, and the encrypted 
data, the user data, and the user environment data are 
registered in the storage medium.
[0018] The above-mentioned objects of the present 
invention are achieved by a computer readable medium 
storing program code for causing a processor to execute
a secret data processing which controls a secret key is- 
sued by a certificate authority so that the secret key is 
kept confidential in a secret data management appara- 
tus, comprising: a first program code device which caus- 
es the processor to display an image on a display mon- 
itor; a second program code device which causes the 
processor to input positions of input image points on the
image specified using an input device and input a sequence
of the positions specified using the input device;
a third program code device which causes the processor 
to generate encrypted data of the secret key based on 
the positions and the sequence from the second pro- 
gram code device; a fourth program code device which 
causes the processor to store the encrypted data of the 
secret key from the third program code device in a first 
storage medium; a fifth program code device which 
causes the processor to allow an access to the secret 
key stored in the first storage medium when positions of 
input image points on the image and a sequence of the
positions, subsequently specified using the input device 
at a time of the access, match with the positions and the 
sequence from the second program code device; and a 
sixth program code device which causes the processor 
to generate plain data of the secret key from the encrypt- 
ed data stored in the first storage medium when the ac- 
cess is allowed. 

[0019] In the secret data management apparatus and
method of the present invention, the encryption key is 
created by positions of input image points and a se- 
quence of the positions, specified by a user on the dis- 
play monitor using only the input device, and the secret 
key is controlled by using the encryption key. It is no 
longer necessary to input the alphanumeric password 
by using the keyboard, as in the conventional system.
It is possible for the present invention to provide in- 
creased operability for the user and adequate security 
for the secret information in the storage medium. 
[0020] According to the present invention, it is not 
necessary to use the personal-data password such as
a date of birth or a phone number. The positions of the
input image points and the sequence of the positions
are arbitrarily specified by the user on the display monitor
using the input device and do not rely on personal
data. It is possible for the present invention to provide
adequate security for the secret information, and the secret
data management apparatus and method of the
present invention are effective in avoiding the discovery 
of the password by a hacker. 

[0021] Further, when the user of the secret data management
apparatus of the present invention makes an
electronic communication through the Internet, it is not 
necessary for the user to operate the keyboard of the 
computer during the communication. The positions of 
the input image points and the sequence of the positions 
can be specified by the user on the display monitor using 
only the input device, and it is possible for the present 
invention to provide increased operability for the user 
and adequate security for the secret information. 
[0022] Further, the secret data management apparatus
and method of the present invention do not require
expensive hardware, such as a fingerprint system or a 
voice pattern system, to authenticate personal identifi- 
cation, and can be constructed by implementing soft- 
ware only. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0023] The above and other objects, features and ad- 
vantages of the present invention will become more ap- 
parent from the following detailed description when read 
in conjunction with the accompanying drawings in 
which: 

FIG. 1 is a block diagram of basic elements of a se- 
cret data management apparatus of the present in- 
vention; 

FIG. 2 is a block diagram of the secret data man- 
agement apparatus of the present invention; 
FIG. 3 is a flowchart for explaining a secret key entry
processing of a secret data management method 
of the present invention; 

FIG. 4 is a flowchart for explaining a user authenti- 
cation processing of the secret data management 
method of the present invention; 
FIG. 5 is a block diagram for explaining a preferred 
embodiment of the secret data management apparatus
of the present invention;
FIG. 6 is a flowchart for explaining a new entry 
processing performed by the secret data management
apparatus of FIG. 5;

FIG. 7A and FIG. 7B are diagrams for explaining 
the contents of a secret key database and a user 
environment setting database in the secret data 
management apparatus of FIG. 5; 
FIG. 8 is a flowchart for explaining an image pass- 
word processing performed by the secret data man- 
agement apparatus of FIG. 5; 



FIG. 9 is a flowchart for explaining an additional entry
processing performed by the secret data management
apparatus of FIG. 5;
FIG. 10 is a diagram for explaining the contents of 
the secret key database after the additional entry 
processing is performed; 

FIG. 11 is a flowchart for explaining an entry update 
processing performed by the secret data manage- 
ment apparatus of FIG. 5; 
FIG. 12 is a diagram for explaining a display screen 
of the secret data management apparatus of FIG. 
5 at a user environment setting step; 
FIG. 13 is a diagram for explaining a display screen
of the secret data management apparatus of FIG. 
5 at a background image setting step; 
FIG. 14 is a diagram for explaining a display screen 
of the secret data management apparatus of FIG.
5 at a mesh pattern setting step; 
FIG. 15 is a diagram for explaining a display screen
of the secret data management apparatus of FIG. 
5 at a position/sequence data setting step; 
FIG. 16 is a diagram for explaining a configuration 
of an encryption key generating unit in the secret 
data management apparatus of FIG. 5; 
FIG. 17 is a diagram for explaining a display screen 
of the secret data management apparatus of FIG. 
5 at an encryption key generating step; 
FIG. 18 is a diagram for explaining a display screen 
of the secret data management apparatus of FIG.
5 at a secret key setting step; 
FIG. 19 is a diagram for explaining a display screen
of the secret data management apparatus of FIG. 
5 at a registered user name setting step; 
FIG. 20 is a diagram for explaining a display screen 
of the secret data management apparatus of FIG. 
5 at a background/pattern display step; 
FIG. 21 is a diagram for explaining a display screen 
of the secret data management apparatus of FIG. 
5 at an image password reception step; and 
FIG. 22A and FIG. 22B are diagrams for explaining 
display screens of a browser when a browser link 
option is used.

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENT 

[0024] To facilitate understanding of the present in- 
vention, a description will be given of the principles of a 
secret data management apparatus and method of the 
present invention with reference to FIG. 1 through FIG. 
4. 

[0025] FIG. 1 shows basic elements of a secret data 
management apparatus of the present invention in 
which a secret key is controlled so that the secret key is 
kept confidential. 

[0026] As shown in FIG. 1, a secret data management
apparatus 2 comprises an image display unit 10 which
displays an image on a display monitor 4. A position/sequence
input unit 12 inputs positions of input image
points on the image specified by a user by using a
mouse 6, and inputs a sequence of the positions specified
by using the mouse 6. The mouse 6 in the secret
data management apparatus 2 may be any one of input
devices including a pointing device, a trackball, a joystick,
and so on. An encryption unit 14 generates encrypted
data of a secret key based on the positions and
the sequence from the position/sequence input unit 12.
A secret data storage unit 16 stores the encrypted data
of the secret key from the encryption unit 14 in a storage
medium (not shown in FIG. 1).
[0027] Further, in the secret data management apparatus
2, an access allowance unit 18 allows access to
the secret key in the storage medium when positions of
input image points on the image and a sequence of the
positions, subsequently specified by the user by using
the mouse 6 at a time of access, match with the positions
and the sequence from the position/sequence input unit
12. A decryption unit 20 generates plain data of the secret
key from the encrypted data stored in the storage
medium when access is allowed by the access allowance
unit 18.

[0028] In the above-described secret data manage- 
ment apparatus 2, access to the secret key in the stor- 
age medium is controlled by using the positions and the 
sequence on the image specified by the user on the dis- 
play monitor 4 by using the mouse 6. The access to the 
secret key is allowed only when the subsequently spec- 
ified positions and sequence (or the image password) 
match with the originally specified positions and se- 
quence (or the image password). As the image pass- 
word can arbitrarily be specified by the user and does 
not rely on personal data as in the conventional system, 
the secret data management apparatus of the present 
invention can provide increased operability for the user
and adequate security for the secret key in the storage 
medium. It is possible for the secret data management 
apparatus of the present invention to remarkably reduce 
the possibility that a hacker will discover the image pass- 
word, as compared to the case of alphanumeric pass- 
word of the conventional system. 
[0029] In the secret data management apparatus 2 of 
FIG. 1, the encryption unit 14 may include an encryption
key generating unit which generates an encryption key 
based on the positions and the sequence from the po- 
sition/sequence input unit 12, and a secret key encryp- 
tion unit which generates encrypted data of the secret 
key based on the encryption key from the encryption key 
generating unit. 

[0030] In the above-described secret data manage- 
ment apparatus 2, the secret key is controlled by using 
an encryption key created by the positions of the input 
image points and the sequence of the positions speci- 
fied by the user, and the encrypted data of the secret 
key is stored in the storage medium. The secret data 
management apparatus of the present invention can 
provide a higher security for the secret information than
the conventional system in which the plaintext of the secret
key is stored in the storage medium.
[0031] Further, in the encryption unit 14 of the secret 
data management apparatus 2 of FIG. 1, the encryption
key generating unit may calculate a value of the encryp- 
tion key based on the positions and the sequence from 
the position/sequence input unit 12. The secret key en- 
cryption unit may perform a one-to-one letter substitu- 
tion of an input secret key according to the calculated 
value from the encryption key generating unit. 
[0032] The above-described secret data manage- 
ment apparatus 2 can remarkably reduce the possibility 
that a hacker discovers the image password in compar- 
ison with the case of the alphanumeric password as in 
the conventional system. 

[0033] Further, in the secret data management appa- 
ratus 2 of FIG. 2, the image display unit 10 may display 
a mesh pattern superimposed on the image on the dis- 
play monitor 4, the mesh pattern having a selectable 
mesh size and a selectable mesh pattern color. The 
above-described secret data management apparatus 2 
can provide increased operability for the user when 
specifying the positions of the input image points and 
the sequence of the positions on the image on the dis- 
play monitor 4. 

[0034] FIG. 2 shows a configuration of the secret data 
management apparatus of the present invention. In the 
secret data management apparatus of FIG. 2, a secret 
key issued by a certificate authority is controlled so that 
the secret key is kept confidential. 
[0035] In FIG. 2, the elements which are the same as 
corresponding elements in FIG. 1 are designated by the 
same reference numerals, and a description thereof will 
be omitted. 

[0036] As shown in FIG. 2, a secret data management 
apparatus 30 comprises an image display unit 32 which 
displays an image on the display monitor 4. A position/ 
sequence input unit 40 inputs positions of input image 
points on the image specified by a user on the display 
monitor 4 by using the mouse 6, and inputs a sequence 
of the positions specified by the user on the display mon- 
itor 4 by using the mouse 6. An encryption unit 42 gen- 
erates encrypted data of the secret key from the certifi- 
cate authority based on the positions and the sequence 
from the position/sequence input unit 40. A secret data 
storage unit 50 stores the encrypted data of the secret 
key from the encryption unit 42 in a storage medium (not 
shown). 

[0037] Further, in the secret data management appa- 
ratus 30 of FIG. 2, an access allowance unit 60 allows 
access to the secret key stored in the storage medium 
when positions of input image points on the image and 
a sequence of the positions, subsequently specified by 
the user on the display monitor 4 by using the mouse 6 
at a time of the access, match with the positions and the 
sequence from the position/sequence input unit 40. A 
decryption unit 66 generates plain data of the secret key 
from the encrypted data stored in the storage medium
when the access is allowed by the access allowance unit
60.

[0038] In the secret data management apparatus 30
of FIG. 2, the encryption unit 42 comprises an encryption
key generating unit 44 which generates an encryption
key based on the positions and the sequence from the
position/sequence input unit 40, and a secret key encryption
unit 46 which generates encrypted data of the
secret key based on the encryption key from the encryption
key generating unit 44.

[0039] In the above-described encryption unit 42 of 
the secret data management apparatus 30, the encryp- 
tion key generating unit 44 calculates a value of the en- 
cryption key based on the positions and the sequence 
from the position/sequence input unit 40. The secret key 
encryption unit 46 performs a one-to-one letter substi- 
tution of the secret key from the certificate authority ac- 
cording to the calculated value from the encryption key 
generating unit 44. 

[0040] In the secret data management apparatus 30 
of FIG. 2, the image display unit 32 displays a registered 
image 34 on the display monitor 4. In the above-described
secret data management apparatus 30, the image
display unit 32 may display a user-defined image
36 on the display monitor 4. Further, in the above-de- 
scribed secret data management apparatus 30, the im- 
age display unit 32 may display a user-defined image, 
transferred from a separate storage medium, on the dis- 
play monitor 4. This storage medium is separated from 
the storage medium within the secret data management 
apparatus 30. This enables the secret data manage- 
ment apparatus of the present invention to provide in- 
creased security for the image password specified by 
the user. 

[0041] The secret data management apparatus 30 of 
FIG. 2 further comprises a mesh pattern display unit 38 
which displays a mesh pattern superimposed on the image
on the display monitor 4, the mesh pattern having
a selectable mesh size and a selectable mesh pattern 
color. 

[0042] In the secret data management apparatus 30 
of FIG. 2, the encryption unit 42 may generate encrypted 
data of plural secret keys when identical positions of in- 
put image points on the image and an identical se- 
quence of the positions are specified by the user on the 
display monitor 4 by using the mouse 6 and input by the 
position/sequence input unit 40. In this case, the access 
allowance unit 60 may allow access to the plural secret 
keys when the identical positions and the identical se- 
quence are subsequently specified by the user on the 
display monitor 4 by using the mouse 6 at a time of the 
access. In this case, when the user specifies, at a time 
of access to the plural secret keys, the identical posi- 
tions and the identical sequence on the display monitor 
4 by using the mouse 6, the access allowance unit 60
can allow the access to the plural secret keys. 
[0043] The secret data management apparatus 30 of 
FIG. 2 further comprises a second input unit 68 which
inputs user data and user environment data specified
by the user. As shown in FIG. 2, the secret data storage
unit 50 stores the user data 54 and the user environment 
data 56 in the storage medium in addition to the encrypt- 
ed data 52 of the secret key. 

[0044] In the above-described secret data manage- 
ment apparatus 30, the access allowance unit 60 com- 
prises an accessibility judgment unit 62 which deter- 
mines whether positions of input image points on the 
image and a sequence of the positions, subsequently 
specified by the user on the display monitor 4 by using 
the mouse 6 at a time of the access, match with the po- 
sitions and the sequence from the position/sequence in- 
put unit 40, and a secret key selection unit 64 which 
reads the user data 54 and the user environment data 
56, in addition to the encrypted data 52 of the secret key, 
from the storage medium when the access to the secret 
key is allowed by the access allowance unit 60. This en- 
ables the secret data management apparatus of the 
present invention to provide increased operability for the
user. 

[0045] FIG. 3 shows a secret key entry processing of 
a secret data management method of the present inven- 
tion. In the secret data management method of FIG. 3, 
a secret key issued by a certificate authority is controlled 
by using an encryption key created by positions of input 
image points and a sequence of the positions specified 
by a user, so that the secret key is kept confidential. 
[0046] The secret data management method of FIG. 
3 relates to the secret key entry processing. As shown 
in FIG. 3, at the start of the secret key entry processing 
of the secret data management method of the present 
invention, user data and user environment data speci- 
fied by a user are input to the secret data management 
apparatus (S1). An image to be displayed on the display
monitor is specified by the user (S2). The image is displayed
on the display monitor, and positions of input image
points of the image on the display monitor, specified
by the user by using the mouse, and a sequence of the 
positions specified by the user are input to the secret 
data management apparatus (S3). 
[0047] Further, in the secret key entry processing, an 
encryption key is generated based on the specified po- 
sitions and the specified sequence (S4). Encrypted data 
of the secret key is generated based on the encryption 
key (S5). The encrypted data of the secret key, the user 
data and the user environment data are stored in a stor- 
age medium of the secret data management apparatus 
(S6). In the storage medium, the encrypted data, the us- 
er data, and the user environment data are related to 
each other, and the encrypted data, the user data, and 
the user environment data are registered in the storage 
medium (S6). 

[0048] FIG. 4 shows a user authentication processing 
of the secret data management method of the present 
invention. In the secret data management method of 
FIG. 4, access to the secret key issued by the certificate 
authority is controlled by performing a user authentication
after the secret key entry processing of FIG. 3 is
finished. 

[0049] As shown in FIG. 4, at the start of the user au- 
thentication processing of the secret data management 
method of the present invention, the user data subse- 
quently specified by the user at a time of access is input 
to the secret data management apparatus (S7). The im- 
age is displayed on the display monitor, and positions 
of input image points on the image on the display mon- 
itor subsequently specified by the user and a sequence 
of the positions subsequently specified by the user are 
input to the secret data management apparatus (S8). 
[0050] After the above step S8 is performed, a deter- 
mination is made as to whether the subsequently spec- 
ified positions and sequence of the image password 
match with the previously specified positions and se- 
quence of the image password (S9). 
[0051] When the above determination step S9 yields 
the match, plain data of the secret key related to the user 
name is generated from the encrypted data stored in the
storage medium, and access to the secret key is allowed 
in accordance with the user environment data related to 
the secret key (S11). 

[0052] On the other hand, when the above determi- 
nation step S9 does not yield the match, the access to 
the secret key is inhibited (S10). Accordingly, the secret 
data management method of the present invention can 
provide increased operability for the user and adequate 
security for the secret information. 
[0053] In view of the above-described secret data 
management apparatus and method, a description will 
now be given of the preferred embodiment of the secret 
data management apparatus of the present invention 
with reference to FIG. 5 through FIG. 22B. 
[0054] FIG. 5 shows an embodiment of the secret da- 
ta management apparatus of the present invention. 
[0055] In a secret data management system 100 of 
the present embodiment, a secret key for obtaining access
to secret information stored in a storage medium
is generated by using an encryption key created by po- 
sitions of input image points and a sequence of the po- 
sitions. The positions of the input image points and the 
sequence of the positions are arbitrarily specified by the 
image password user on the display monitor with the 
mouse. The secret data management system 100 con- 
trols access to the secret information by performing a 
determination as to whether an input image password 
given for the access accords with a registered image 
password (or the positions of the input image points and 
the sequence of the positions) which is stored within the 
system 100. 

[0056] As shown in FIG. 5, the secret data manage- 
ment system 100 comprises a processing control unit 
102. In response to an input command, the processing 
control unit 102 selects one of a plurality of processing 
units within the secret data management system 100, 
and performs a corresponding processing for the selected
one of the plurality of processing units. The plurality
of processing units include a new entry processing unit
103, an image password processing unit 104, an addi- 
tional entry processing unit 105, and an entry update 
processing unit 106. 

[0057] Further, in the secret data management system
100 of FIG. 5, a secret key database 131 and a user
environment database 132 are provided. In the secret
key database 131, a plurality of secret key data are
stored. In the user environment database 132, a plurality
of user environment setting data are stored.

[0058] In the new entry processing unit 103 of the system
100 of FIG. 5, a user environment setting unit 111,
a background image setting unit 112, a mesh pattern
setting unit 113, a position/sequence data setting unit
114, an encryption key generating unit 115, a secret key
setting unit 116, an encryption unit 117, a secret key
storing unit 118, and a user environment setting storing
unit 119 are provided.

[0059] FIG. 6 shows a new entry processing performed
by the new entry processing unit 103 in the secret
data management system 100.
[0060] In the present embodiment, a new entry
processing program related to the flowchart of FIG. 6
(which will be described later) is program code instructions
stored in a memory (not shown) of the secret data
management system 100. The memory of the secret data
management system 100 is, for example, a ROM
(read-only memory) or a RAM (random access memory).
The memory corresponds to a computer readable
medium in the claims. The computer readable medium
includes any instruction storage device, such as, for example,
magnetic disks including floppy disks, optical
disks including CD-ROMs, magneto-optical disks including
MOs, semiconductor memory cards such as IC
cards and miniature cards, and other types of computer
usable devices and media.

[0061] In the present embodiment, the memory of the
secret data management system 100 may store encoded
or non-encoded instructions. The instructions may
be installed from a floppy disk (or a CD-ROM) to a hard
disk drive (not shown) of the secret data management
system 100 first, transferred to a RAM (not shown) of
the system 100 and then read by a processor (not
shown) of the system 100. The memory of the secret
data management system 100 may store either all or a
part of the instructions related to the flowchart of FIG. 6.
[0062] Further, in the present embodiment, the
processing control unit 102 includes a processor (for example,
a central processing unit of the secret data management
system 100). The above-mentioned program
code instructions cause the processor of the processing
control unit 102 to perform a corresponding processing
for the selected one of the processing units 103-106.
Hereinafter, the processor of the processing control unit
102 of the secret data management system 100 will simply
be called the processor, for the sake of simplicity of
description.

[0063] During the new entry processing of FIG. 6, a
secret key entry in the secret key database 131 and a
user environment setting entry, related to the secret key
entry, in the user environment setting database 132 are
carried out by the image password user.
[0064] At the start of the new entry processing of FIG.
6, the user environment setting unit 111 at step S21
causes the processor to receive a user environment setting
for the secret data management system 100 which
is input by the user on the display monitor using the
mouse. The environment setting input by the user includes
a user name, a used browser, and a browser link
option. The input environment setting for the system 100
is used during a subsequent processing of the new entry
processing unit 103, in order to provide increased operability
for the user.

[0065] If a registered user name is input at the above
step S21 as the user name of the environment setting, 
the registered user name can be used during a subse- 
quent processing of the new entry processing unit 103. 
The registered user name may be any identification data 
to identify the user, and it may not necessarily be the 
real name of the user. It is necessary that the identifica- 
tion data does not easily allow a hacker to recognize the 
user. 

[0066] The environment setting for the system 100 is
arbitrarily input by the user at the above step S21, and
it is possible to provide increased operability of the
mouse for the user during the subsequent processing
of the new entry processing unit 103.
[0067] After the above step S21 is performed, the 
background image setting unit 112 at step S22 causes 
the processor to receive a background image input by
the user. The input background image is displayed on
the display monitor after the above step S22 is performed
during the new entry processing.
[0068] At the above step S22, the user selects, as the
input background image, one of a number of registered
background images, a user-defined background image,
and another background image transferred from an external
image storage medium into the system 100. The
image storage medium includes any image storage device,
such as, for example, magnetic disks including
floppy disks, optical disks including CD-ROMs, magneto-optical
disks including MOs, semiconductor memory
cards such as IC cards and miniature cards, and other
types of computer usable devices and media.
[0069] After the above step S22 is performed, the
mesh pattern setting unit 113 at step S23 causes the
processor to receive a mesh pattern input by the user.
The input mesh pattern is superimposed on the background
image on the display monitor during the subsequent
processing of the new entry processing unit 103.
[0070] Positions of input image points specified by the 
user on the display monitor with the mouse during the 
image password processing may not be sensitive 
enough for the system 100 to recognize. The mesh pattern
superimposed on the background image allows the
system 100 to recognize the respective positions of input
image points specified by the user with increased
accuracy.

[0071] After the above step S23 is performed, the position/sequence
data setting unit 114 at step S24 causes
the processor to receive positions of input image points
and a sequence of the positions specified by the user
on the display monitor with the mouse. As described
above, the background image on which the mesh pattern
is superimposed is displayed on the display monitor,
and the user specifies the positions of the input image
points on the background image by using the
mouse. The number of the input image points specified
by the user corresponds to the number of digits of the
image password.

[0072] After the above step S24 is performed, the en- 
cryption key generating unit 115 at step S25 causes the 
processor to create an encryption key based on the 
specified positions of the input image points and the
specified sequence of the positions, which have been 
obtained at the above step S24. The encryption key ob- 
tained at the above step S25 is a specific numerical val- 
ue, and the numerical value of the encryption key is cal- 
culated based on the specified positions and the spec- 
ified sequence obtained at the above step S24. 
[0073] After the above step S25 is performed, the secret
key setting unit 116 at step S26 causes the processor
to receive plain data (a numerical value) of a secret
key input by the user. In the present embodiment, an IC
card in which the plain data of the input secret key is
stored may be inserted in the system 100 in order to
input the plain data of the secret key to the system 100.
If the input of the secret key data is performed once with
the IC card, inserting the IC card in the system 100
at subsequent times can be omitted.
[0074] After the above step S26 is performed, the en- 
cryption unit 117 at step S27 causes the processor to 
generate encrypted data of the input secret key based 
on the encryption key which has been obtained at the 
above step S25. In the present embodiment, at the 
above step S27, a DES (Data Encryption Standard) algorithm
is used to generate encrypted data of the input
secret key based on the encryption key. 
[0075] After the above step S27 is performed, the se- 
cret key storing unit 118 at step S28 causes the proces- 
sor to store the encrypted data of the secret key, which 
has been obtained at the above step S27, in the secret 
key database 131 of the system 100. In the secret key 
database 131, the registered image password (or the
positions of the input image points and the sequence of
the positions specified by the user with respect to the
corresponding encryption key for the secret key) is
stored in connection with the encrypted data of the secret
key.

[0076] After the above step S28 is performed, the user
environment setting storing unit 119 at step S29 causes
the processor to store the user environment setting,
which has been received at the above steps S21-S28,
in the user environment setting database 132 of the system
100.

[0077] FIG. 7A and FIG. 7B show the contents of the
secret key database 131 and the user environment setting
database 132 after the new entry processing of FIG.
6 is performed.

[0078] A user code, as indicated in FIGs. 7A and 7B, 
is a code to identify the user who has carried out the 
new entry processing of FIG. 6. For a specified user, a 
specified user code is commonly allocated for the secret 
key database 131 and the user environment setting database
132.

[0079] A user name, as indicated in FIG. 7B, is the 
same as the input user name which has been obtained 
at the above step S21. A background image code, as 
indicated in FIG. 7B, is a code to specify the input background
image which has been obtained at the above
step S22. 

[0080] A secret key A, as indicated in FIG. 7A, indicates
the encrypted data of the secret key which has
been stored at the above step S28. As described above, 
the encrypted data of the secret key, generated at the 
above step S27, is stored in the secret key database 
131. 

[0081] A cipher code, as indicated in FIG. 7A, is a data 
item used to decrypt the encrypted data into the plain
data of the secret key. Specifically, the cipher code is 
calculated as a difference between the plain data (the 
numerical value) of the secret key and the encrypted da- 
ta (the numerical value) of the secret key. 
[0082] A user environment code, as indicated in FIG.
7B, is a code to indicate the user environment setting,
such as the used browser, which has been obtained at
the above step S21. The user environment code is read
from the user environment setting database 132 during 
a processing performed by the image password 
processing unit 104. 

[0083] A previous access address, as indicated in 
FIG. 7A, is an address of a destination communication 
service to which the secret key from the secret key database
131 is previously transmitted by the secret key
processing unit 104 or the used browser. 
[0084] In the image password processing unit 104 of 
the system 100 of FIG. 5, a user name selection unit 
121, a background/pattern display unit 122, an image 
password reception unit 123, an image password judg- 
ment unit 124, and a decryption unit 125 are provided. 
[0085] FIG. 8 shows an image password processing 
performed by the image password processing unit 104 
in the secret data management system 100. 
[0086] In the present embodiment, an image password
processing program related to the flowchart of FIG.
8 (which will be described later) is program code instructions
stored in the memory of the secret data management
system 100. The memory corresponds to a computer
readable medium in the claims. The computer
readable medium includes any instruction storage device,
such as, for example, magnetic disks including
floppy disks, optical disks including CD-ROMs, magneto-optical
disks including MOs, semiconductor memory
cards such as IC cards and miniature cards, and other
types of computer usable devices and media.
[0087] In the present embodiment, the memory of the
secret data management system 100 may store encoded
or non-encoded instructions. The instructions may
be installed from a floppy disk (or a CD-ROM) to the hard
disk drive of the secret data management system 100
first, transferred to the RAM of the system 100 and then
read by the processor of the system 100. The memory
of the secret data management system 100 may store
either all or a part of the instructions related to the flowchart
of FIG. 8.

[0088] During the image password processing of FIG.
8, an authentication of the user for the image password
is carried out by the user on the display monitor by using 
only the mouse. 

[0089] At the start of the image password processing
of FIG. 8, the user name selection unit 121 at step S31
causes the processor to display a list of registered user
names, which are stored in the user environment setting
database 132 by the new entry processing unit 103, on
the display monitor, and prompt the user to input a desired
user name with the mouse.

[0090] After the above step S31 is performed, the
background/pattern display unit 122 at step S32 causes
the processor to display the background image with the
mesh pattern superimposed, which is stored in the user
environment setting database 132 by the new entry
processing unit 103, on the display monitor. The background
image with the mesh pattern, displayed at the
above step S32, is related to the input user name within
the user environment setting database 132 as shown in
FIG. 7B.

[0091] After the above step S32 is performed, the image
password reception unit 123 at step S33 causes the
processor to prompt the user to input an image password
on the display monitor with the mouse, and receive
positions of input image points and a sequence of the
positions currently specified by the user. When the user
clicks a specific point on the background image with the
mesh pattern, a color or a dot pattern of the display monitor
at the point changes. The positions of the input image
points on the background image are given to the
user in visual form, and the user can confirm the input
image password on the display monitor.
[0092] After the above step S33 is performed, the image
password judgment unit 124 at step S34 causes the
processor to determine whether the input image password,
which has been obtained at the above step S33,
accords with the registered image password which is
stored in the secret key database 131 by the new entry
processing unit 103.

[0093] When the result of the above step S34 is affirmative,
the decryption unit 125 at step S35 causes the
processor to decrypt the encrypted data of the secret
key, read from the secret key database 131, into the
plain data. Further, the decryption unit 125 at step S35
causes the processor to read the user environment code
from the user environment setting database 132, and
perform either a secret key display processing or a
browser link processing according to the content of the
user environment code. When the browser link processing
is performed, the decryption unit 125 at step S35
causes the processor to read the previous access address
from the secret key database 131, and set an address
of a destination communication service to which
the browser currently transmits the plain data of the secret
key, by the previous access address.
[0094] When the result of the above step S34 is neg- 
ative, the image password processing unit 104 causes 
the processor to output an error message indicating that 
the input image password is invalid. 
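
The entry flow (steps S24-S28) and the match-then-decrypt flow (steps S33-S35) described above, as an added Python sketch that is not part of the patent. Assumptions: a 16x12 mesh of 40-pixel cells, PBKDF2 for the key derivation, an HMAC-SHA256 keystream standing in for the DES step (the Python standard library has no block cipher), and the match decided by a MAC tag rather than by a stored copy of the image password; all function names are hypothetical.

```python
import hashlib
import hmac
import math
import os

# Assumed mesh geometry (not from the patent): 640x480 image, 40-pixel cells.
CELL_PX = 40
MESH_COLS, MESH_ROWS = 16, 12
KDF_ITERATIONS = 200_000  # assumed PBKDF2 work factor


def snap_to_mesh(x, y):
    """Map a click (pixels) to the index of the mesh cell that contains it."""
    col, row = x // CELL_PX, y // CELL_PX
    if not (0 <= col < MESH_COLS and 0 <= row < MESH_ROWS):
        raise ValueError("click outside the image")
    return row * MESH_COLS + col


def encode_sequence(clicks):
    """Serialise the ordered cell indices; count and order both change the bytes."""
    cells = [snap_to_mesh(x, y) for x, y in clicks]
    return bytes([len(cells)]) + b"".join(c.to_bytes(2, "big") for c in cells)


def derive_keys(clicks, salt):
    """Step S25 analogue: positions + sequence -> (encryption key, MAC key)."""
    material = hashlib.pbkdf2_hmac(
        "sha256", encode_sequence(clicks), salt, KDF_ITERATIONS, dklen=64
    )
    return material[:32], material[32:]


def _xor_keystream(key, nonce, data):
    """Stand-in cipher: XOR with an HMAC-SHA256 counter-mode keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def register(clicks, secret_key):
    """Steps S24-S28 analogue: build the database record for one secret key."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(clicks, salt)
    ciphertext = _xor_keystream(enc_key, nonce, secret_key)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    # Neither the click positions nor the derived key are stored in the record.
    return {"salt": salt, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def authenticate(clicks, record):
    """Steps S33-S35 analogue: return the plain secret key, or None on mismatch."""
    try:
        enc_key, mac_key = derive_keys(clicks, record["salt"])
    except ValueError:
        return None
    expected = hmac.new(
        mac_key, record["nonce"] + record["ciphertext"], hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        return None  # step S34 negative: the caller reports an invalid password
    return _xor_keystream(enc_key, record["nonce"], record["ciphertext"])


def keyspace_bits(points):
    """Upper bound on image-password entropy for the assumed mesh."""
    return points * math.log2(MESH_COLS * MESH_ROWS)


if __name__ == "__main__":
    # Constructed sample input: four clicks and a placeholder secret key.
    registered = [(45, 50), (300, 210), (610, 95), (130, 440)]
    record = register(registered, b"constructed-secret-key")
    # Same cells, slightly different pixels: the mesh absorbs pointing jitter.
    retry = [(58, 41), (285, 232), (639, 119), (121, 479)]
    print(authenticate(retry, record))
    print(authenticate(list(reversed(registered)), record))
    print(round(keyspace_bits(4), 1), "bits for a 4-point image password")
```

With the assumed 192-cell mesh, a four-point image password has at most about 30 bits of entropy, so the KDF work factor and any limit on attempts carry most of the resistance to guessing.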
[0095] FIG. 9 shows an additional entry processing 
performed by the additional entry processing unit 105 in 
the secret data management system 100. 
[0096] In the present embodiment, an additional entry 
processing program related to the flowchart of FIG. 9 
(which will be described later) is program code instruc- 
tions stored in the memory of the secret data manage- 
ment system 100. The memory corresponds to a com- 
puter readable medium in the claims. The computer 
readable medium includes any instruction storage device,
such as, for example, magnetic disks including
floppy disks, optical disks including CD-ROMs, magneto-optical
disks including MOs, semiconductor memory
cards such as IC cards and miniature cards, and other
types of computer usable devices and media.
[0097] In the present embodiment, the memory of the 
secret data management system 100 may store encoded
or non-encoded instructions. The instructions may
be installed from a floppy disk (or a CD-ROM) to the hard
disk drive of the secret data management system 100
first, transferred to the RAM of the system 100 and then
read by the processor of the system 100. The memory
of the secret data management system 100 may store 
either all or a part of the instructions related to the flow- 
chart of FIG. 9. 

[0098] During the additional entry processing of FIG. 
9, an additional secret key entry into the secret key da- 
tabase 131 and an additional user environment setting 
entry, related to the secret key entry, into the user environment
setting database 132 are carried out by the image
password user.

[0099] At the start of the additional entry processing 
of FIG. 9, the additional entry processing unit 105 at step
S41 causes the processor to display the list of registered 
user names, which are stored in the user environment 
setting database 132 by the new entry processing unit 
103, on the display monitor, and prompt the user to input 
a desired user name with the mouse. 
[0100] After the above step S41 is performed, the ad- 
ditional entry processing unit 105 at step S42 causes 
the processor to display the background image with the 
mesh pattern superimposed, which is stored in the user 
environment setting database 132 by the new entry
processing unit 103, on the display monitor. The background
image code, indicating the background image
with the mesh pattern displayed at the above step S42, 
is related to the input user name within the user envi- 
ronment setting database 132 as shown in FIG. 7B. 
[0101] After the above step S42 is performed, the ad- 
ditional entry processing unit 105 at step S43 causes 
the processor to prompt the user to input an image pass- 
word on the display monitor with the mouse, and receive 
positions of input image points and a sequence of the 
positions currently specified by the user. When the user 
clicks a specific point on the background image with the 
mesh pattern, a color or a dot pattern of the display monitor
at the point changes. The positions of the input image
points on the background image are given to the
user in visual form, and the user can confirm the input 
image password on the display monitor. 
[0102] After the above step S43 is performed, the additional
entry processing unit 105 at step S44 causes
the processor to determine whether the input image
password, which has been obtained at the above step
S43, accords with the registered image password which
is stored in the secret key database 131 by the new entry
processing unit 103. It is possible that the determination
as to whether the input image password accords with
the registered image password be made by comparing
an encryption key, derived from the specified positions
of the input image points and the specified sequence of
the positions, with the encryption key read from the secret
key database 131.

[0103] When the result of the above step S44 is affirmative,
the additional entry processing unit 105 at step
S45 causes the processor to decrypt the encrypted data
of the secret key, read from the secret key database 131,
into the plain data.

[0104] When the result of the above step S44 is neg- 
ative, the additional entry processing unit 105 causes 
the processor to output an error message indicating that 
the input image password is invalid. After the above step 
S45 is performed, the additional entry processing unit 
105 at step S46 causes the processor to receive plain 
data of an additional secret key input by the user. 
[0105] After the above step S46 is performed, the ad- 
ditional entry processing unit 105 at step S47 causes 
the processor to generate encrypted data of the input 
secret key based on the encryption key which has been 
obtained for the existing secret key by the new entry 
processing unit 103. In the present embodiment, at the 
above step S47, the DES algorithm is used to generate
encrypted data of the input secret key based on the en- 
cryption key. 

[0106] After the above step S47 is performed, the ad- 
ditional entry processing unit 105 at step S48 causes 
the processor to store the encrypted data of the secret 
key, which has been obtained at the above step S47, in 
the secret key database 131 of the system 100. 
[0107] After the above step S48 is performed, the additional
entry processing unit 105 at step S49 causes
the processor to store the user environment setting,
which has been received at the above steps S41-S48,
in the user environment setting database 132 of the system
100.

[0108] FIG. 10 shows the contents of the secret key 
database 311 in the secret data management system 
100 after the additional entry processing of FIG. 9 is performed.

[0109] As shown in FIG. 10, after the additional entry 
processing of FIG. 9 is performed, an additional secret 
key B for the user name and the cipher code, which are 
the same as the user name and the cipher code related 
to the existing secret key A, is stored in the secret key 
database 311. According to the performance of the additional
entry processing of FIG. 9, it is possible that a
plurality of secret keys for a single image password be 
registered into the secret key database 311. 
[0110] As shown in FIG. 10, an additional previous access
address for the secret key B, which is different from
the previous access address for the secret key A, is
stored in the secret key database 311. The secret data
management apparatus of the present embodiment can
transmit the secret key to a different destination communication
service for one of the secret keys A and B.
Further, if an additional data item is stored in the secret
key database 131 and the user environment setting database
132, it is possible for the secret data management
apparatus and method of the present embodiment
to provide an additional communication service for the 
user. 

[0111] FIG. 11 shows an entry update processing performed
by the secret data management apparatus of
FIG. 5. 

[0112] In the present embodiment, an entry update 
processing program related to the flowchart of FIG. 11 
(which will be described later) is program code instruc- 
tions stored in the memory of the secret data manage- 
ment system 100. The memory corresponds to a com- 
puter readable medium in the claims. The computer 
readable medium includes any instruction storage de- 
vice, such as for examples, magnetic disks including 
floppy disks, optical disks including CD-ROMs, magne- 
to-optical disks including bAOs, semiconductor memory 
cards such as IC cards and miniature cards and other 
types of computer usable devices and media 
[0113] In the present embodiment, the memory of the 
secret data management system 100 may store encoded
or non-encoded instructions. The instructions may
be installed from a floppy disk (or a CD-ROM) to the hard 
disk drive of the secret data management system 100 
first, transferred to the RAM of the system 100 and then 
read by the processor of the system 100. The memory 
of the secret data management system 100 may store 
either all or a part of the instructions related to the flow- 
chart of FIG. 11. 

[0114] During the entry update processing of FIG. 11,
an updating of an existing secret key entry in the secret
key database 131 is carried out by the image password
user.

[0115] At the start of the entry update processing of 
FIG. 11, the entry update processing unit 106 at step 
S51 causes the processor to display the list of registered
user names, which are stored in the user environment
setting database 132 by the new entry processing unit 
103, on the display monitor, and prompt the user to input 
a desired user name with the mouse. 
[0116] After the above step S51 is performed, the entry
update processing unit 106 at step S52 causes the
processor to display the background image with the
mesh pattern superimposed, which is stored in the user
environment setting database 132 by the new entry
processing unit 103, on the display monitor. The background
image code, indicating the background image
with the mesh pattern displayed at the above step S52,
is related to the input user name within the user environment
setting database 132.
[0117] After the above step S52 is performed, the entry
update processing unit 106 at step S53 causes the
processor to prompt the user to input an image password
on the display monitor with the mouse, and receive
positions of input image points and a sequence of the
positions currently specified by the user. When the user
clicks a specific point on the background image with the
mesh pattern, a color or a dot pattern of the display monitor
at the point changes. The positions of the input image
points on the background image are given to the
user in visual form, and the user can confirm the input
image password on the display monitor.

[0118] After the above step S53 is performed, the en- 
try update processing unit 106 at step S54 causes the 
processor to determine whether the input image password,
which has been obtained at the above step S53,
accords with the registered image password which is
stored in the secret key database 131 by the new entry
processing unit 103. 

[0119] When the result of the above step S54 is affirmative,
the entry update processing unit 106 at step
S55 causes the processor to decrypt the encrypted data
of the secret key, read from the secret key database 131, 
into the plain data. 

[0120] When the result of the above step S54 is negative,
the entry update processing unit 106 causes the
processor to output an error message indicating that the
input image password is invalid. During the entry update
processing of FIG. 11, the following steps S56-S64 are
performed by the entry update processing unit 106 for
only the image password user who has been successfully
authenticated at the above steps S54 and S55.
[0121] After the above step S55 is performed, the en- 
try update processing unit 106 at step S56 causes the 
processor to receive a user environment setting for the 
secret data management system 100 input by the user
on the display monitor using the mouse. The environment
setting input by the user includes a user name, a
used browser, and a browser link option. 
[0122] After the above step S56 is performed, the entry
update processing unit 106 at step S57 causes the
processor to receive a background image input by the
user. The input background image is displayed on the
display monitor after the above step S57 is performed
during the entry update processing.
[0123] After the above step S57 is performed, the entry
update processing unit 106 at step S58 causes the
processor to receive a mesh pattern input by the user. 
The input mesh pattern is superimposed on the back- 
ground image on the display monitor during a subse- 
quent processing of the entry update processing unit 
106. 

[0124] After the above step S58 is performed, the en- 
try update processing unit 106 at step S59 causes the 
processor to receive positions of input image points and 
a sequence of the positions newly specified by the user 
(or an updated image password). The background im- 
age on which the mesh pattern is superimposed is dis- 
played on the display monitor, and the user newly spec- 
ifies the positions of the input image points on the back- 
ground image by using the mouse. 
[0125] After the above step S59 is performed, the entry
update processing unit 106 at step S60 causes the
processor to create an encryption key based on the 
specified positions of the input image points and the 
specified sequence of the positions, which have been 
obtained at the above step S59. The encryption key ob- 
tained at the above step S60 is a specific numerical val- 
ue, and the numerical value of the encryption key is cal- 
culated based on the specified positions and the spec- 
ified sequence obtained at the above step S59. 
[0126] After the above step S60 is performed, the en- 
try update processing unit 106 at step S61 causes the 
processor to receive plain data of a secret key input by 
the user. In the present embodiment, an IC card in which 
the plain data of the input secret key is stored may be 
inserted in the system 100 in order to input the plain data
of the secret key to the system 100. 
[0127] After the above step S61 is performed, the entry
update processing unit 106 at step S62 causes the
processor to generate encrypted data of the input secret 
key based on the encryption key which has been ob- 
tained at the above step S60. In the present embodi- 
ment, at the above step S62, the DES algorithm is used 
to generate encrypted data of the input secret key based 
on the encryption key. 

[0128] After the above step S62 is performed, the entry
update processing unit 106 at step S63 causes the
processor to store the encrypted data of the secret key, 
which has been obtained at the above step S62, in the 
secret key database 131 of the system 100. In the secret 
key database 131, the registered updated image password
(or the positions of the input image points and the
sequence of the positions specified by the user with re- 
spect to the corresponding encryption key for the secret 
key) is stored in connection with the encrypted data of 
the secret key. 

[0129] After the above step S63 is performed, the entry
update processing unit 106 at step S64 causes the
processor to store the user environment setting, which 
has been received at the above steps S56-S63, in the 
user environment setting database 132 of the system 
100. 

[0130] Next, a description will be given of various dis- 
play screens provided for the user by the secret data 
management system 100 of the present embodiment 
with reference to FIGs. 12-22. 

[0131] FIG. 12 shows a display screen provided by 
the secret data management apparatus of FIG. 5 at a 
user environment setting step. This display screen cor- 
responds to the step S21 of FIG. 6 or the step S56 of 
FIG. 11. 

[0132] As shown in FIG. 12, the user inputs the user 
environment setting for the secret data management 
system 100 on the display monitor using the mouse or
the keyboard. The environment setting input by the user 
includes a user name, a used browser, and a browser 
link option. When the browser link option is used, a secret
key is transmitted through the browser to a destination
communication service. When a display monitor
choice is used, the whole processing is performed on
the display monitor only.

[0133] FIG. 13 shows a display screen provided by 
the secret data management apparatus of FIG. 5 at a 
background image setting step. This display screen cor- 
responds to the step S22 of FIG. 6 or the step S57 of 
FIG. 11. 

[0134] As shown in FIG. 13, the user selects one of 
the registered background images, the user-defined 
background image and another background image 
transferred from an external image storage medium, by 
using the mouse. After a desired background image
choice is input by the user, the input background image 
is displayed in a box of the display screen as shown in 
FIG. 13. 

[0135] FIG. 14 shows a display screen provided by 
the secret data management apparatus of FIG. 5 at a 
mesh pattern setting step. This display screen corresponds
to the step S23 of FIG. 6 or the step S58 of FIG. 11.

[0136] As shown in FIG. 14, the user selects one of a 
number of registered mesh sizes and one of registered 
mesh pattern colors. When desired mesh pattern choic- 
es are input by the user, the input mesh pattern is su- 
perimposed on the input background image in the box 
of the display screen as shown in FIG. 14. The user can 
confirm that the desired mesh pattern is selected in the 
secret data management system 100.
[0137] FIG. 15 shows a display screen provided by 
the secret data management apparatus of FIG. 5 at a 
position/sequence data setting step. This display screen 
corresponds to the step S23 of FIG. 6 or the step S58 
of FIG. 11. 

[0138] As shown in FIG. 15, by using the mouse, the 
user selects one of a plurality of registered numbers of 
digits of the input image password, and specifies positions
of input image points and a sequence of the positions
on the background image with the mesh pattern
displayed on the display monitor. The number of the positions
which the user can specify depends on the selected
number of digits of the input image password. If
the number of the positions specified by the user ex- 
ceeds the selected number of digits, an error message 
is output. If the number of the positions specified by the 
user is less than the selected number of digits and an 
OK button is clicked, an error message is output which 
prompts the user to specify all the input image points on 
the background image. 

[0139] When a specific point on the background im- 
age in the box of the display screen is clicked by the 
user, a color or a dot pattern of the display monitor at 
the point within the background image changes. The po- 
sitions of the input image points specified by the user 
on the background image are given to the user in visual 
form. Further, in the display screen of FIG. 15, the se- 
quence of the positions specified by the user is indicated 
by a row of small boxes having different dot patterns,
which correspond to the dot patterns of the display mon- 
itor at the input image points on the background image. 
Therefore, the user can confirm the specified positions 
of the input image points and the specified sequence of 
the positions (or the input image password) on the dis- 
play monitor. 

[0140] FIG. 16 is a diagram for explaining a configu- 
ration of the encryption key generating unit 115 of the 
secret data management apparatus of FIG. 5. The con- 
figuration of the encryption key generating unit 115 will 
now be described with reference to FIG. 16. 
[0141] In the example of FIG. 16, the number of digits 
of the image password is set at 4, and the mesh pattern 
is provided in an 8 x 10 matrix formation. That is, the background
image consists of a matrix of image points with
8 rows and 10 columns, and the positions of the four 
input image points and the sequence of the positions 
are specified as shown in FIG. 16. 
[0142] As shown in FIG. 16, an (x, y) coordinate system
is defined for the background image of the present ex- 
ample. The position of the image point at the left upper- 
most corner of the background image is defined by (1, 
1), and the position of the image point at the right up- 
permost corner of the background image is defined by 
(10, 1). Suppose that the four input image points on the 
background image are clicked by the user in the specified
sequence. The encryption key created by the encryption
key generating unit 115 of the present embodiment
in this example is indicated by the specified sequence
of the four (x, y) coordinates: (1, 2), (3, 8), (7, 8)
and (10, 2). 

[0143] In the present embodiment, the encryption unit 
117 generates encrypted data of the input secret key 
based on the specified sequence of the (x, y) coordi- 
nates in accordance with the DES algorithm. The DES 
algorithm performs a one-to-one numerical letter substitution
of the input secret key according to the specified
sequence of the (x, y) coordinates. First, the numerical
letter of the y-coordinate is substituted for the numerical
letter of the x-coordinate. Second, the numerical letter
of the x-coordinate is substituted for the numerical letter
of the y-coordinate. And the two substitution procedures
are alternately repeated in accordance with the speci- 
fied sequence. 

[0144] In the example of FIG. 16, the encryption of the 
input secret key to generate encrypted data of the input
secret key is carried out by the encryption unit 117 of
the present embodiment as follows. 
[0145] Suppose that the input secret key is 1234. The
specified sequence of the four (x, y) coordinates is given
as (1, 2), (3, 8), (7, 8) and (10, 2). As the first input
point is indicated by (1, 2), the letter "2" is substituted
for the letter "1". As the second input point is indicated
by (3, 8), the letter "3" is substituted for the letter "8".
However, the input secret key does not include the letter
"8" and no substitution is performed. As the third input
point is indicated by (7, 8), the letter "8" is substituted
for the letter "7". However, the input secret key does not
include the letter "7" and no substitution is performed.
As the fourth input point is indicated by (10, 2), the letter
"0" is substituted for the letter "2". Consequently, the
above encryption is performed as follows.

    input secret key    1234
    (1, 2)              2234
    (3, 8)              2234
    (7, 8)              2234
    (10, 2)             0034

[0146] According to the above-described encryption 
algorithm, the length of the encrypted data is the same 
as the length of the input secret key, and the lengths of 
secret key data before and after the encryption is per- 
formed remain unchanged. 

[0147] Further, in the present embodiment, the de- 
cryption to generate the plain data of the secret key from 
the encrypted data of the secret key is performed by the 
decryption unit 125 by adding a cipher code to the en- 
crypted data. As described above, the cipher code is cal- 
culated as the difference between the plain data of the 
secret key and the encrypted data of the secret key. In 
the example of FIG. 16, the cipher code is calculated as 
in the formula 1200 = 1234 - 0034. Therefore, the decryption
to generate the plain data (1234) from the cipher
data (0034) in this example is performed by the
decryption unit 125 by adding 1200 to 0034.
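
The substitution of paragraphs [0143] to [0147], written out as an added Python example (not code from the patent). It assumes, from the worked example, that only the last decimal digit of a coordinate is used, so x = 10 contributes "0"; all function names are illustrative. Beyond reproducing the 1234 to 0034 trace, it counts how many 4-digit inputs share that ciphertext, which shows why the described decryption adds the cipher code instead of reversing the substitution.

```python
from itertools import product

# The four clicked points of FIG. 16, in the order the user specified them.
FIG16_POINTS = [(1, 2), (3, 8), (7, 8), (10, 2)]


def substitution_steps(points):
    """Turn clicked (x, y) points into (old_digit, new_digit) pairs.

    Points 1, 3, ... replace the x digit with the y digit; points 2, 4, ...
    replace the y digit with the x digit ([0143]). Assumption: a coordinate
    is reduced to its last decimal digit, as (10, 2) -> "0" for "2" implies.
    """
    steps = []
    for index, (x, y) in enumerate(points):
        x_digit, y_digit = str(x % 10), str(y % 10)
        if index % 2 == 0:
            steps.append((x_digit, y_digit))
        else:
            steps.append((y_digit, x_digit))
    return steps


def encrypt_trace(plain, points):
    """Return the key data after each substitution, starting with the input."""
    trace = [plain]
    for old, new in substitution_steps(points):
        trace.append(trace[-1].replace(old, new))
    return trace


def encrypt(plain, points):
    return encrypt_trace(plain, points)[-1]


def cipher_code(plain, cipher):
    """Difference between plain data and encrypted data ([0147])."""
    return int(plain) - int(cipher)


def decrypt(cipher, code):
    """Add the cipher code to the encrypted data ([0147]).

    Note that no coordinates are needed here: ciphertext plus cipher code
    is enough to rebuild the plain data.
    """
    return str(int(cipher) + code).zfill(len(cipher))


def colliding_plaintexts(cipher, points, length):
    """All digit strings of the given length that encrypt to `cipher`."""
    candidates = ("".join(d) for d in product("0123456789", repeat=length))
    return [p for p in candidates if encrypt(p, points) == cipher]


if __name__ == "__main__":
    trace = encrypt_trace("1234", FIG16_POINTS)
    print(" -> ".join(trace))
    code = cipher_code("1234", trace[-1])
    print("cipher code:", code, "decrypts to", decrypt(trace[-1], code))
    same = colliding_plaintexts(trace[-1], FIG16_POINTS, 4)
    print(len(same), "inputs share ciphertext", trace[-1])
```

Because `decrypt()` needs only the ciphertext and the cipher code, the cipher code has to be protected as carefully as the secret key it reconstructs.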
[0148] FIG. 17 shows a display screen provided by 
the secret data management apparatus of FIG. 5 at an 
encryption key generating step. This display screen cor- 
responds to the step S25 of FIG. 6 or the step S60 of 
FIG. 11. 

[0149] As shown in FIG. 17, after the above steps 
S21-S24 of FIG. 6 or the above steps S56-S59 are successfully
performed, the user is notified on the display
monitor by the secret data management system 100 that
an encryption key, intrinsic to the user, is created by the
positions of the input image points and the sequence of
the positions specified by the user.
[0150] FIG. 18 shows a display screen provided by 
the secret data management apparatus of FIG. 5 at a 
secret key setting step. This display screen corresponds 
to the step S26 of FIG. 6 or the step S61 of FIG. 11.
[0151] As shown in FIG. 18, the user is prompted to
select one of a plurality of secret key input methods on 
the display screen. The plurality of secret key input 
methods include: (1) a secret key input by an IC card; 
(2) a secret key input by a file transfer; and (3) a secret 
key input by a keyboard. After the user selects the input 
method and presses the OK button, the plain data of the 
secret key input by the user is received by the system 
100. 

[0152] FIG. 19 shows a display screen provided by 
the secret data management apparatus of FIG. 5 at a 
registered user name setting step. This display screen 
corresponds to the step S31 of FIG. 8. 
[0153] During the image password processing of FIG. 
8, an authentication of the user for the image password 
is carried out by the user on the display monitor by using 
only the mouse. The secret data management appara- 
tus of the present embodiment can provide increased 
operability for the user and adequate security for the se- 
cret information. 

[0154] As shown in FIG. 19, at the registered user 
name setting step, the user is prompted to select one of 
the registered user names in the user name list on the 
display monitor. 

[0155] FIG. 20 shows a display screen provided by 
the secret data management apparatus of FIG. 5 at a 
background/pattern display step. This display screen 
corresponds to the steps S32 and S33 of FIG. 8. 
[0156] As shown in FIG. 20, the background image
with the mesh pattern previously set by the user is dis- 
played on the display monitor. In the example of FIG. 
20, the user may select one of a mesh pattern display 
option ("ON") and a mesh pattern non-display option 
("OFF"). At the image password reception step, the user 
is prompted to specify the positions of the input image 
points on the background image and the sequence of 
the positions by using the mouse. After the user presses 
the OK button, the positions of the input image points 
and the sequence of the positions specified by the user 
are received by the system 100. 
[0157] FIG. 21 shows a display screen provided by 
the secret data management apparatus of FIG. 5 at an 
image password reception step. This display screen 
corresponds to the step S34 of FIG. 8. 
[0158] As shown in FIG. 21, when the result of the 
step S34 is affirmative, the user is notified by the system 
100 on the display monitor that the image password in- 
put by the user is accepted by the system 100. Further, 
the user is prompted to select one of a plurality of secret 
key transmission methods on the display monitor by using
the mouse. The plurality of secret key transmission
methods include: (1) a transmission of the secret key
data by the browser; (2) a transfer of the secret key data
to the display monitor; and (3) a transfer of the secret
key data to a file within the storage medium of the system
100. After the user selects the secret key transmission
method and presses the OK button, the plain data
of the secret key from the system 100 is transmitted according
to the selected method.

[0159] FIG. 22A and FIG. 22B show display screens
provided by a browser when the browser link option is 
used. 

[0160] The display screen of FIG. 22A is provided by 
the browser after the authentication of the user for the 
image password is carried out. It is supposed that the
browser link option is used. When a digital signature button
in the display screen is clicked, the user is prompted
to input a destination to which the secret key data is
transmitted. The secret key data transmitted by the
browser is stored into the destination input by the user.
[0161] When the secret key specified by the user has
not been used before, the image password processing which
is placed into an icon of the display screen is started.
The display screen of FIG. 22B is provided by the browser
in such a case. In the display screen of FIG. 22B, the
user is prompted to select one of the secret keys issued
from a plurality of certificate authorities and owned by
the user, as being the secret key that the user wants to
currently use.

[0162] After the data of the selected secret key in the
display screen of FIG. 22B is transmitted to the destination,
the previous access address for the corresponding
secret key stored in the secret key database 131 is updated
such that the address of the related destination
communication service in connection with the secret key
is modified. Further, a data item of the related certificate
authority may be added to the secret key database 131.
According to this modification, the secret data management
apparatus of the present embodiment can provide
increased operability for the user and adequate security
for the secret information. It is not necessary for the user
to memorize both the secret key and the related certificate
authority for each communication service.
[0163] Further, the present invention is not limited to
the above-described embodiment, and variations and
modifications may be made without departing from the
scope of the present invention.

Claims

1. A secret data management apparatus for controlling
a secret key so that the secret key is kept confidential,
the secret data management apparatus comprising:

an image display unit (10) for displaying an image
on a display monitor (4);
a position/sequence input unit (12) for inputting
positions of input image points on the image using
an input device (6) and for inputting a sequence
of the positions using the input device;
an encryption unit (14) for generating encrypted
data of the secret key based on the positions
and the sequence from the position/sequence
input unit (12);

a secret data storage unit (16) for storing the
encrypted data of the secret key from the encryption
unit (14) in a storage medium;
an access allowance unit (18) for allowing access
to the secret key stored in the storage medium
when positions of input image points on
the image and a sequence of the positions, subsequently
specified using the input device at a
time of the access, match with the positions and
the sequence from the position/sequence input
unit (12); and

a decryption unit (20) for generating plain data
of the secret key from the encrypted data stored
in the storage medium when the access is allowed
by the access allowance unit (18).

2. The secret data management apparatus according
to claim 1, characterized in that the encryption unit
(42) comprises:

an encryption key generating unit (44) for generating
an encryption key based on the positions
and the sequence from the position/sequence
input unit (40); and
a secret key encryption unit (46) for generating
encrypted data of the secret key based on the
encryption key from the encryption key generating
unit (44).

3. The secret data management apparatus according
to claim 2, characterized in that the encryption key
generating unit (44) calculates a value of the encryption
key based on the positions and the sequence
from the position/sequence input unit (40),
and that the secret key encryption unit (46) performs
a one-to-one letter substitution of the input
secret key according to the calculated value from
the encryption key generating unit (44).

4. The secret data management apparatus according
to claim 1, characterized in that the image display
unit (10) displays a mesh pattern superimposed on
the image on the display monitor (4), said mesh pattern
having a selectable mesh size and a selectable
mesh pattern color.

5. A secret data management apparatus for controlling
a secret key issued by a certificate authority so
that the secret key is kept confidential, the secret 
data management apparatus comprising: 



an image display unit (32) for displaying an im- 
age on a display monitor (4); 
a position/sequence input unit (40) for inputting 
positions of input image points on the image us- 
ing an input device (6) and for inputting a se- 
quence of the positions using the input device; 
an encryption unit (42) for generating encrypted 
data of the secret key based on the positions 
and the sequence from the position/sequence 
input unit (40); 

a secret data storage unit (50) for storing the 
encrypted data of the secret key from the en- 
cryption unit (42) in a first storage medium; 
an access allowance unit (60) for allowing ac- 
cess to the secret key stored in the first storage 
medium when positions of input image points 
on the image and a sequence of the positions, 
subsequently specified using the input device 
at a time of the access, match with the positions 
and the sequence from the position/sequence 
input unit (40); and

a decryption unit (66) for generating plain data 
of the secret key from the encrypted data stored 
in the first storage medium when the access is 
allowed by the access allowance unit (60). 

6. The secret data management apparatus according 
to claim 5, characterized in that the encryption unit 
(42) comprises: 

an encryption key generating unit (44) for gen- 
erating an encryption key based on the posi- 
tions and the sequence from the position/se- 
quence input unit (40); and 
a secret key encryption unit (46) for generating 
encrypted data of the secret key based on the 
encryption key from the encryption key gener- 
ating unit (44). 

7. The secret data management apparatus according 
to claim 6, characterized in that the encryption key 
generating unit (44) calculates a value of the en- 
cryption key based on the positions and the se- 
quence from the position/sequence input unit (40), 
and that the secret key encryption unit (46) per- 
forms a one-to-one letter substitution of the secret 
key from the certificate authority according to the 
calculated value from the encryption key generating 
unit (44). 

8. The secret data management apparatus according 
to claim 5, characterized in that the image display 
unit (32) displays a registered image (34) on the dis- 
play monitor (4). 

9. The secret data management apparatus according 
to claim 5, characterized in that the image display 
unit (32) displays a user-defined image (36) on the 
display monitor (4).

10. The secret data management apparatus according 
to claim 9, characterized in that the image display 
unit (32) displays a user-defined image, transferred 
from a second storage medium, on the display mon- 
itor (4), said second storage medium being sepa- 
rated from the first storage medium. 

11. The secret data management apparatus according
to claim 5, characterized in that said apparatus further
comprises a mesh pattern display unit (38) for
displaying a mesh pattern superimposed on the im- 
age on the display monitor (4), said mesh pattern 
having a selectable mesh size and a selectable 
mesh pattern color. 

12. The secret data management apparatus according 
to claim 5, characterized in that the encryption unit
(42) generates encrypted data of plural secret keys
when identical positions of input image points on the
image and an identical sequence of the positions
are specified using the input device (6) and input by 
the position/sequence input unit (40), and that the 
access allowance unit (60) allows access to said 
plural secret keys when the identical positions and 
the identical sequence are subsequently specified 
using the input device at a time of the access. 

13. The secret data management apparatus according 
to claim 5, characterized in that said apparatus fur- 
ther comprises a second input unit (68) for inputting 
user data (54) and user environment data (56) 
specified by a user, and that the secret data storage 
unit (50) stores the user data and the user environ- 
ment data in the first storage medium in addition to 
the encrypted data (52) of the secret key. 

14. The secret data management apparatus according 
to claim 13, characterized in that the access allowance
unit (60) comprises:

an accessibility judgment unit (62) for determin- 
ing whether positions of input image points on 
the image and a sequence of the positions, sub- 
sequently specified using the input device at a 
time of the access, match with the positions and 
the sequence from the position/sequence input 
unit (40); and 

a secret key selection unit (64) for reading the 
user data and the user environment data, in ad- 
dition to the encrypted data of the secret key, 
from the first storage medium when the access 
to the secret key is allowed. 

15. A method of controlling a secret key issued by a cer- 
tificate authority so that the secret key is kept con- 
fidential, the method comprising the steps of: 



inputting user data (54) and user environment
data (56) specified by a user;
setting an image to be displayed on a display
monitor (4);
displaying the image on the display monitor and
inputting positions of input image points on the
displayed image specified by the user and a sequence
of the positions specified by the user;
generating an encryption key based on the
specified positions and the specified sequence;
generating encrypted data of the secret key
based on the encryption key; and
storing the encrypted data (52) of the secret
key, the user data (54) and the user environment
data (56) in a storage medium, wherein
the encrypted data, the user data, and the user
environment data are related to each other, and
the encrypted data, the user data, and the user
environment data are registered in the storage
medium.

16. The method according to claim 15, further compris- 
ing the steps of: 

inputting the user data subsequently specified 
by the user; 

displaying the image on the display monitor (4) 
and inputting positions of input image points on 
the displayed image subsequently specified by 
the user and a sequence of the positions sub- 
sequently specified by the user; 
determining whether the subsequently speci- 
fied positions and sequence match with the pre- 
viously specified positions and sequence; 
generating plain data of the secret key from the 
encrypted data stored in the storage medium 
and related to the user data and allowing ac- 
cess to the secret key in accordance with the 
user environment data related to the secret key 
when said determining step yields the match; 
and 

inhibiting the access to the secret key when 
said determining step does not yield the match. 